5:30-6:15 pm : Networking with Drinks & Food
6:15-6:45 : Speaker - Paul McMillan: Attacking the Internet of Things using Time
7:00-7:30 : Speaker - Ben Hagen: Cloud Security at Scale and What it Means for Your Application
7:30-8:00 : More food, drink, and security "hallway con"
- Paul McMillan, Nebula - Attacking the Internet of Things using Time
- Ben Hagen, Netflix - Cloud Security at Scale and What it Means for Your Application
Bio & Talk Description
Paul McMillan @PaulM - Attacking the Internet of Things using Time
- Internet of Things devices are often slow and resource constrained. This makes them the perfect target for network-based timing attacks, which allow an attacker to brute-force credentials one character at a time, rather than guessing the entire string at once. We will discuss how timing attacks work, how to optimize them, and how to handle the many factors which can prevent successful exploitation. We will also demonstrate attacks on at least one popular device. After this presentation, you will have the foundation necessary to attack your own devices, and a set of scripts to help you get started.
- Paul McMillan is a security engineer at Nebula. He also works on the security teams for several open source projects. When he's not building or breaking the internet, he enjoys cocktails and photography.
Ben Hagen @BenHagen - Cloud Security at Scale and What it Means for Your Application
- Cloud computing is all the rage, but few organizations have really thought about what security means for their applications and networks in cloud-centric deployments. Netflix is amongst the largest users of public cloud resources and consumes roughly 1/3 of all the US’s downstream broadband at peak. This talk will cover the processes used at Netflix to deploy and secure large-scale applications to the Cloud. Netflix has developed a suite of architectures, processes, and tools to make security in the Cloud as elegant as possible... most of these are, or will soon be, Open Sourced. Several tools will be previewed in the talk.
These systems include:
- Hundreds of applications, with hundreds of production deployments a day, all using an “immutable server model”
- Crazy monkeys that roam the clouds to enforce availability models through random instance homicide
- OCD fish that swim cloudy waters to make sure firewalls are sane and consistent across the globe
- Inquisitive penguins automatically assess the risk of an application based upon its codebase and interconnections with other applications
- ... and many more ...
- Ben Hagen is likely the only security professional in the world who has won both a presidential election and an Emmy. He loves security and both building and breaking things. Ben currently leads the Security Tools and Operations team at Netflix. During the 2012 US Presidential Election he was in charge of security for the Obama 2012 re-election campaign’s technology program. Prior to this role, he was a Security Consultant with Neohapsis and Motorola, where he had to break into, and then help fix, the computer networks of lots of organizations.
OWASP Bay Area
Stay up to date on our wiki page or LinkedIn group